What a hash is
A hash function takes any input — a word, a paragraph, or an entire file — and produces a fixed-length string of hexadecimal characters called a digest. The same input always yields the same digest, but even a one-character change produces a completely different result, and the process is one-way: you cannot reverse a digest back into the original text. Hashes are the workhorses of computing, used for verifying downloads, indexing data, detecting changes, and storing password verifiers.
The algorithms explained
MD5 and SHA-1 produce shorter digests (128 and 160 bits) and are fast, which makes them fine for non-security tasks like checksums and cache keys — but both are cryptographically broken and must never be used for security. The SHA-2 family — SHA-256, SHA-384, and SHA-512 — is current and secure; SHA-256 is the standard choice for file integrity, digital signatures, and blockchain, while the larger variants offer extra margin. Seeing all five side by side makes it easy to match whatever a website, tool, or specification asks for.
How this tool computes them
The SHA hashes are calculated with crypto.subtle, the browser's native Web Crypto API, which is fast and audited. MD5 is not part of Web Crypto, so this tool includes a compact, self-contained MD5 implementation that runs locally. Both approaches keep computation on your device — there is no server call — and the results are byte-for-byte identical to what command-line tools like sha256sum or md5 would produce for the same input.
Common uses
The most common use is verifying file integrity: a download page publishes a SHA-256 hash, you hash the file you received, and matching digests prove nothing was corrupted or tampered with in transit. Developers use hashes as unique keys, cache identifiers, and change-detection fingerprints. You can also hash a string to see how these functions behave, or to compare two pieces of text for an exact match without revealing their contents. Note that this tool hashes text you type, which is ideal for strings and checksummable values.
Security notes
Two cautions matter. First, never store passwords with plain MD5, SHA-1, or even raw SHA-256 — password storage requires a slow, salted algorithm like bcrypt, scrypt, or Argon2 specifically designed to resist brute force. Second, treat MD5 and SHA-1 as suitable only for non-adversarial checksums, not for anything where an attacker might try to forge a match. Everything here runs in your browser, so the text you hash is never transmitted or logged and stays private to your device.